How to Change the Default DNS IPs Added to the VMs?

Problem

  • Default DNS IPs 8.8.8.8 and 1.1.1.1 are getting added to the VMs when there is no DNS configured on a subnet.

  • Default IPs are configured within the neutron-server /etc/neutron/plugins/ml2/ml2_conf.ini file.

Environment

  • Private Cloud Director Virtualization - v2025.4 and Higher.

  • Self-Hosted Private Cloud Director Virtualization – v2025.4 and Higher.

  • Component - Networking

Procedure

For SaaS environments, the Platform9 support team should be contacted to implement the changes.

For Self-Hosted environments, the changes should be carried out directly from the Management Plane cluster.

  • The DNS entry is populated from the neutron-etc secret, which is referenced by the neutron-server deployment, as shown below. The config file is stored base64-encoded within the secret.

  • The secret can be found in the corresponding region namespace.

$ kubectl get secret -n <REGION_NAMESPACE>
$ kubectl get secret -n <REGION_NAMESPACE> neutron-etc -oyaml |grep ml2_conf.ini | awk '{print $2}' | base64 -d
[agent]
extensions =
[ml2]
extension_drivers = dns,port_security
mechanism_drivers = openvswitch,ovn,l2population
tenant_network_types = vxlan
type_drivers = flat,vlan,local,geneve,vxlan
[ml2_type_flat]
flat_networks = *
[ml2_type_geneve]
max_header_size = 38
vni_ranges = 4:4000
[ml2_type_vlan]
network_vlan_ranges = ext_net,physnet
[ml2_type_vxlan]
vni_ranges = 4:4000
vxlan_group = 239.1.1.1
[ovn]
dns_servers = 8.8.8.8,1.1.1.1   <<------------   DNS IP
enable_distributed_floating_ip = true
neutron_sync_mode = repair
ovn_l3_scheduler = leastloaded

To modify the default IPs, follow the steps below:

  • Redirect the config to a file.

  • Modify the file by replacing the IPs set for dns_servers with your preferred IPs, then encode the file using base64.

  • Edit the secret and replace the existing base64-encoded data for the ml2_conf.ini key with the new value.

  • Run the following command to verify whether a new IP is being retrieved from the secret.

  • Scale the neutron-server deployment to 0. Once the pods are successfully terminated, scale it back to 2.

  • Verify that new DNS IPs are being received within the pod.

  • Now, a VM should be created by attaching it to a network or subnet that does not have DNS configured manually. Once the VM is up and running, log in to it and execute the commands below to verify that the new IPs are reflected.

Note: These changes will not be reflected in the existing virtual machines.
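
The secret-update steps above can be scripted as follows. This is an added example, not Platform9's own tooling: the helper names set_ovn_dns and update_neutron_dns are assumptions, and the input check assumes the new resolvers are IPv4 addresses. The rewrite only touches dns_servers inside the [ovn] section and refuses a malformed list before anything is written back to the secret.

```bash
# Added example. neutron-etc, ml2_conf.ini and neutron-server are the names
# used in this article; the function names are hypothetical.

# Read a decoded ml2_conf.ini on stdin and replace dns_servers in [ovn] only.
# Rejects anything that is not a comma-separated list of IPv4 addresses.
set_ovn_dns() {
  new="$1"
  octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
  ip="${octet}(\\.${octet}){3}"
  if ! printf '%s\n' "$new" | grep -Eq "^${ip}(,${ip})*\$"; then
    echo "invalid DNS server list: $new" >&2
    return 1
  fi
  awk -v new="$new" '
    /^\[/ { in_ovn = ($0 == "[ovn]") }
    in_ovn && /^dns_servers[ \t]*=/ { print "dns_servers = " new; next }
    { print }'
}

# The procedure end to end; needs kubectl access to the Management Plane
# cluster. $1 = region namespace, $2 = new DNS list, e.g. "10.0.0.53,10.0.1.53".
update_neutron_dns() {
  ns="$1"; dns="$2"
  work=$(mktemp -d) || return 1          # the .orig copy here is the rollback
  kubectl get secret -n "$ns" neutron-etc -o jsonpath='{.data.ml2_conf\.ini}' \
    | base64 -d > "$work/ml2_conf.ini.orig" || return 1
  set_ovn_dns "$dns" < "$work/ml2_conf.ini.orig" > "$work/ml2_conf.ini" || return 1
  diff "$work/ml2_conf.ini.orig" "$work/ml2_conf.ini"   # review: one line changes
  b64=$(base64 < "$work/ml2_conf.ini" | tr -d '\n')
  kubectl patch secret -n "$ns" neutron-etc --type merge \
    -p "{\"data\":{\"ml2_conf.ini\":\"$b64\"}}" || return 1
  # Verify that the secret now returns the new value.
  kubectl get secret -n "$ns" neutron-etc -o jsonpath='{.data.ml2_conf\.ini}' \
    | base64 -d | grep '^dns_servers'
  kubectl scale deployment -n "$ns" neutron-server --replicas=0
  echo "Once 'kubectl get pods -n $ns' shows no neutron-server pods, run:"
  echo "  kubectl scale deployment -n $ns neutron-server --replicas=2"
}
```

Call it as update_neutron_dns <REGION_NAMESPACE> <DNS_LIST>; the backup directory it creates holds the original file if the change has to be reverted.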
